
Thursday, December 25, 2008

Virus removal instructions

These are some of the steps I apply when I find that my system has been infected with a virus. An infection usually becomes visible when Task Manager or regedit is disabled, or when system resources are in full use even though you are not running many applications.

1. Download Process Explorer from the Microsoft website: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx This is a nice tool to begin with. It shows details of the processes currently running on your system, along with additional information such as the path, the executable name, and whether it is a Microsoft application.

2. If you suspect a running application, take its name and search the internet for it to see whether any virus alert comes up. If one does, your system is infected with a virus.

3. Follow the removal instructions you find on the internet for that virus.

4. One simple cure that I always apply is to remove the virus's files from the system and remove references to them from the registry (especially from the startup applications list). Open Registry Editor (Run -> regedit) and search the full registry for the virus executable's file name. You must remove all references to it.

In general, HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> CurrentVersion has two child nodes, "Run" and "RunOnce". Check whether the virus has registered any entries under either of these nodes, and if it has, remove them. Make sure you also delete the executables from your file system.
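The Run and RunOnce check from step 4 can also be scripted. The PowerShell below is an added example, not part of the original post: it lists every entry under those two nodes and flags the ones that reference a suspect executable. The name `suspect.exe` is a placeholder for whatever you identified in Process Explorer, and the script goes slightly beyond the text by also checking the same two nodes under the current user's hive (HKCU).

```powershell
# Added example, not from the original post.
# $SuspectName is a placeholder: pass the executable name you identified in step 2.
param(
    [string]$SuspectName = 'suspect.exe'
)

# The two startup nodes named in the post, plus the per-user equivalents (an addition).
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # RunOnce may not exist
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Read the raw command line without expanding %VARIABLES%,
        # so the entry is shown exactly as it is stored.
        $command = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{
            Key       = $key
            ValueName = $name
            Command   = $command
            # Case-insensitive substring match on the suspect file name.
            Suspect   = $command.IndexOf($SuspectName,
                            [StringComparison]::OrdinalIgnoreCase) -ge 0
        }
    }
}

# Review the full startup list first; unknown entries are worth searching for too.
$entries | Format-Table -AutoSize -Wrap

# Named values that reference the suspect executable.
$hits = $entries | Where-Object { $_.Suspect -and $_.ValueName }
foreach ($hit in $hits) {
    # -WhatIf only reports what would be deleted.
    # Remove -WhatIf after reviewing the list to actually delete the entry.
    Remove-ItemProperty -LiteralPath $hit.Key -Name $hit.ValueName -WhatIf
}
```

Removing HKLM entries requires an elevated (administrator) PowerShell session, and the executable itself still has to be deleted from the file system as described above.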

In case "regedit" has been disabled by the virus, you can follow instructions from the internet on how to re-enable it. If nothing works, you can try a reliable third-party registry editing tool.